Privacy Statement

Last updated: April 2026

Controller: Asset HQ
Website / Application: Asset HQ
Contact: support@assethq.eu
Address: Warsaw, Poland

1. Introduction

Asset HQ ("we," "us," or "our") respects your privacy and is committed to handling personal data in accordance with applicable European Union and Polish data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") and related national legislation.

This Privacy Statement explains how we collect, use, store, share, and protect personal data when you use Asset HQ, including our website, platform, applications, dashboards, integrations, and related services (the "Services").

Asset HQ is designed as a unified IT asset management console that gives organizations visibility into devices, software, licenses, cloud resources, network assets, users, alerts, reporting, and operational activity. Because of that, some of the data processed through the Services may relate to identified or identifiable individuals, especially employees, contractors, administrators, and business contacts.

2. Who We Are

For the purposes of applicable data protection law, Asset HQ acts as the data controller for personal data relating to website visitors, leads, customer contacts, account owners, and other direct interactions with us.

Where Asset HQ processes personal data on behalf of a customer within the platform, such as employee directory data, device assignments, location information, logs, or imported data from connected systems, the customer will typically act as the data controller and Asset HQ will typically act as a data processor or service provider acting on the customer's instructions.

3. Scope

This Privacy Statement applies to personal data we collect or process in connection with:

• visitors to our website;
• trial users, customers, and customer representatives;
• users of the Asset HQ platform;
• business contacts, suppliers, implementation partners, and prospects;
• data processed through integrations or imported into the Services by or on behalf of customers.

4. Categories of Personal Data We Process

Depending on how you interact with us and how the Services are configured, we may process the following categories of personal data:

4.1 Account and contact data

• name;
• business email address;
• phone number;
• company name;
• job title or department;
• account credentials and authentication-related data.

4.2 Customer and billing data

• billing contact details;
• invoicing information;
• subscription and transaction records;
• commercial and contract-related communications.

4.3 Platform usage and technical data

• IP address;
• browser type and version;
• device identifiers;
• operating system;
• session and authentication data;
• timestamps of actions;
• feature usage data;
• log files, telemetry, diagnostics, and error reports.

4.4 Asset and workforce-related data imported or generated within the Services

Depending on customer configuration and connected systems, Asset HQ may process:

• device names and identifiers;
• assigned user or owner details;
• business location or region data;
• department and organizational data;
• management and compliance status;
• risk indicators or security-related status data;
• software installation and version data;
• license allocation and usage data;
• cloud resource ownership or assignment data;
• network asset metadata;
• service, SLA, KPI, incident, and alert-related records;
• audit trail data relating to actions performed in the platform.

4.5 Integration data

We may receive data from systems connected by customers or administrators, including Microsoft Graph, Azure, TOPdesk, identity providers, security tools, finance-related sources, or other configured integrations.

4.6 Communications data

• support requests;
• onboarding communications;
• product feedback;
• emails and other correspondence sent to us.

5. How We Use Personal Data

We use personal data only where we have a valid legal basis and only to the extent necessary for legitimate business and service purposes. These purposes may include:

• providing, maintaining, and securing the Services;
• creating and administering accounts, workspaces, and permissions;
• enabling role-based access control and organization-specific views;
• displaying and managing asset, user, license, cloud, software, and network inventories;
• generating dashboards, reports, analytics, and executive summaries;
• supporting alerts, actions, workflow automation, and approvals;
• synchronizing data from connected third-party services;
• monitoring system health, performance, and reliability;
• preventing unauthorized access, fraud, abuse, and security incidents;
• maintaining logs and audit trails;
• responding to support requests and communicating with customers;
• managing subscriptions, invoicing, and commercial relationships;
• improving and developing the Services;
• complying with legal, regulatory, tax, accounting, and contractual obligations;
• sending service-related notices and, where permitted, marketing communications.

6. Legal Bases for Processing

Where GDPR applies, we process personal data on one or more of the following legal bases:

• Performance of a contract — where processing is necessary to provide the Services, manage accounts, or fulfill contractual obligations.
• Legitimate interests — where processing is necessary for operating, securing, improving, and supporting the Services, managing customer relationships, preventing misuse, and protecting our rights, provided those interests are not overridden by data subjects' rights and freedoms.
• Compliance with legal obligations — where processing is required by applicable law, regulation, court order, or lawful request.
• Consent — where consent is required, for example for certain cookies or certain marketing communications.

7. Special Position of Customer Data

Asset HQ is primarily a business platform. In many cases, personal data available within customer environments is uploaded, synchronized, or otherwise made available to the Services by customers or their administrators.

In such cases:

• the customer determines the purposes and means of the processing of that customer data;
• Asset HQ processes that data on behalf of the customer under applicable contractual terms and documented instructions;
• requests from data subjects relating to customer-controlled data should generally be directed first to the relevant customer organization.

Where required, we expect to enter into a data processing agreement with customers covering processor obligations, confidentiality, security, subprocessing, and international transfers.

8. Cookies and Similar Technologies

We use strictly necessary cookies and similar technologies where required for the operation, security, authentication, and reliability of Asset HQ. These do not require consent where permitted by applicable law.

We may also use optional cookies or similar technologies for analytics, performance measurement, product improvement, and marketing. We will use such optional technologies only where we have obtained the required consent.

If you choose to reject optional cookies, Asset HQ will continue to operate using only strictly necessary cookies and similar technologies. Optional analytics, marketing, and personalization technologies will remain disabled unless and until you later choose to accept them.

You may change your cookie preferences at any time through the cookie settings link or similar tool made available on our website or in the Services.

9. Sharing of Personal Data

We may share personal data only where necessary and appropriate with:

• hosting and infrastructure providers;
• analytics, logging, monitoring, and support providers;
• payment, accounting, legal, and professional advisers;
• identity and authentication providers;
• integration and communication service providers;
• affiliated entities or future group companies where relevant to service delivery;
• competent authorities, regulators, courts, or law enforcement where legally required;
• acquirers, investors, successors, or counterparties in connection with a merger, acquisition, restructuring, financing, or sale of all or part of our business.

We do not sell personal data and we do not share personal data with third parties for their own independent direct marketing purposes unless clearly disclosed and lawfully permitted.

10. International Data Transfers

We aim to host and process data in a manner consistent with European data protection standards. If personal data is transferred outside the European Economic Area ("EEA"), we will use appropriate safeguards as required by GDPR, which may include adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.

11. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Statement, including to:

• provide the Services;
• maintain security and auditability;
• comply with legal, tax, accounting, and regulatory obligations;
• resolve disputes and enforce agreements.

Retention periods may vary depending on the category of data, customer settings, legal requirements, and the nature of the relationship with us. Customer-controlled data may be retained and deleted in accordance with contractual terms, customer instructions, backup cycles, and applicable law.

12. Data Security

We take appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

These measures may include access controls, role-based permissions, encryption where appropriate, logging, audit trails, security monitoring, segregation of environments, least-privilege practices, and vendor management procedures. However, no system can be guaranteed to be completely secure.

13. Data Subject Rights

Under GDPR and applicable law, individuals may have the right, subject to legal limitations, to:

• request access to personal data;
• request rectification of inaccurate or incomplete data;
• request erasure of personal data;
• request restriction of processing;
• object to certain processing, including processing based on legitimate interests;
• request portability of data where applicable;
• withdraw consent at any time where processing is based on consent;
• lodge a complaint with a competent supervisory authority.

If you wish to exercise your rights in relation to personal data for which Asset HQ acts as controller, please contact us at support@assethq.eu.

If your request relates to data processed by Asset HQ on behalf of a customer, we may direct you to the relevant customer organization or assist that customer in responding, as appropriate.

14. Data Accuracy and Customer Responsibility

Customers are responsible for ensuring that the personal data they upload to or synchronize with Asset HQ is collected and used in accordance with applicable law, including having a lawful basis where required, providing any necessary notices, and responding to data subject requests concerning customer-controlled data.

Customers are also responsible for configuring user permissions, dashboards, views, and role-based access settings appropriately within their organization.

15. Third-Party Services and Integrations

The Services may connect to or display data from third-party systems and services. We are not responsible for the independent privacy practices of those third parties. Customers and users should review the privacy documentation of relevant third-party providers before enabling integrations.

16. Children

Asset HQ is intended for business use and is not directed to children. We do not knowingly collect personal data from children.

17. Changes to This Privacy Statement

We may update this Privacy Statement from time to time to reflect legal, technical, or business developments. We will post the updated version and revise the "Last updated" date. Where required by law, we will take additional steps to notify users of material changes.

18. Contact and Complaints

If you have questions about this Privacy Statement or our handling of personal data, please contact us at:

Asset HQ
Warsaw, Poland
support@assethq.eu

If you are located in the European Union or European Economic Area, you may also have the right to lodge a complaint with the competent data protection supervisory authority in your country or, where applicable, in Poland.